**Prerequisites:** The main pre-requisite is a high degree of mathematical maturity. We will also rely on some rudimentary knowledge of probability, algorithms, and theory of computation. No prior knowledge of cryptography or number theory is required (but some familiarity will be helpful).

Although the course is intended for PhD students, interested undergraduate and Masters students are encouraged to contact the instructor.

Office hours: By appointment. Office 622 ISEC.

Other useful resources include:

Graduate Crypto Book by Dan Boneh and Victor Shoup.

Lecture Notes by Rafael Pass and Abhi Shelat.

Lecture notes by Yevgeniy Dodis

Lecture notes by Chris Peikert

Lecture notes by Boaz Barak.

Slides by Stefan Dziembowski.

Slides,Notes by Gil Segev.

- Problem set 1, due 09/27. pdf , latex.
- Problem set 2, due 10/9. pdf , latex.
- Problem set 3, due 10/25. pdf , latex.
- Problem set 4, due 11/15. pdf , latex.

Class/Date | Topic Covered | Notes |

Class 1, 9/6: | introduction, perfect secrecy, one-time pad, optimality. | notes , slides |

Class 2, 9/11: | authentication, secret sharing | scribe notes. |

Class 3, 9/13: | multiparty computation, statistical distance | scribe notes. |

Class 4, 9/18: | statistical security, computational security, indistinguishability | scribe notes. |

Class 5, 9/20: | pseudorandom generators (PRGs), increasing the output size | scribe notes |

Class 6, 9/25: | pseudorandom functions (PRFs), GGM construction from PRGs, CPA security | PRF notes, CPA notes (from 2015) |

Class 7, 9/27: | CPA encryption from PRFs, MACs from PRFs, one-way functions | scribe notes |

Class 8, 10/3: | Goldreich-Levin theorem | scribe notes I, scribe notes II (from 2015) |

Class 9, 10/4: | randomness extractors | scribe notes |

Class 10, 10/11: | weak OWFs, hardness amplification, universal OWFs | scribe notes |

Class 11, 10/16: | hash functions, Merkle-Damgaard, Merkle Tree, random oracle | scribe notes |

Class 12, 10/18: | number theory, cyclic groups | scribe notes |

Class 13, 10/23: | discrete logarithms, CDH and DDH assumptions, Diffie-Hellman Key-Agreement | scribe notes |

Class 14, 10/25: | ElGamal Encryption, hash functions from DL, PRGs from DDH, Naor-Reingold PRF | scribe notes |

Class 15, 10/30 | trapdoor-permutations, RSA | scribe notes |

Class 16, 11/1: | squaring modulo N, Rabin TDP, signatures from TDP in RO model | scribe notes |

Class 17, 11/6: | signatures from CRHFs (and OWFs), begin ID scheme | scribe notes |

Class 18, 11/8: | Schnorr ID Scheme, Schnorr signatures | scribe notes |

Class 19, 11/13: | zero-knowledge proofs for NP | |

Class 20, 11/15: | CCA security, construction in the RO model, begin Cramer-Shoup | |

Class 21, 11/26: | finish Cramer-Shoup, homomorphic encryption |

- One-time pad, optimality
- Pairwise-independent hashing and one-time MAC
- Secret-sharing
- Multiparty computation with honest majority

- Computational security, Indistinguishability, Hybrid Argument
- Pseudorandom generators, functions and permutations (block ciphers)
- Symmetric-key encryption and message authentication
- Collision-resistant hashing, Random oracle model
- One-way functions/permutations (OWF/OWP) and hard-core bits
- Goldreich-Levin theorem

- Arithmetic modulo a prime
- Discrete-logarithms, CDH/DDH Assumptions
- Diffie-Hellman Key-Exchange, ElGamal-Encryption
- Collision-resistant hashing from DL
- Naor-Reingold PRF
- Arithmetic modulo a composite, RSA encryption, Rabin cryptosystem

- Signatures from TDPs (RSA Sig)
- Signatures from OWFs
- Identification protocols, Schnorr and Okamoto schemes
- Schnorr signatures
- Zero-knowledge proofs

- Lattices, Learning with Errors (LWE), Short Integer Solution (SIS)
- Identity Based Encryption
- Fully Homomorphic Encryption
- Chosen Ciphertext Security

- Yao garbled circuits, Secure function evaluation
- Attribute-based encryption, functional Encryption
- Private information retrieval
- Obfuscation
- ...